NFT Security

Cryptocurrency and digital collectables (NFTs) are becoming very popular, and a lot of new investors and collectors are buying for the first time. While investors see this as a great opportunity in an emerging space, so do scammers and other criminal syndicates, who see these new investors as easy prey.

Below is a list of points and resources to ensure you stay as safe as possible.

Buy a hardware wallet

The best way to protect your crypto and digital collectables is to use a hardware wallet. This is a small USB-size device with a unique seed phrase for each device. Think of this as your own crypto safe that has no internet connection, making it nearly impossible for a hacker to infiltrate.

For more information on getting a hardware wallet visit Ledger. Ledger is one of the most popular hardware wallets. https://shop.ledger.com/

There are also accessories at Ledger that can help store your seed phrase, which are both waterproof and fireproof. https://shop.ledger.com/#category-accessories

Buy a VPN service

VPN (Virtual Private Network) services are a very cheap way of avoiding a man-in-the-middle attack from a hacker. If a hacker manages to break your connection to a website they will be able to monitor your activity, with the potential to feed you fake links that contain malware. A VPN service will protect you from this threat.

For the cost of £5-10 per month, it can be a small price to pay to ensure you are safe.

One we would recommend is NordVPN. https://nordvpn.com/

Avoid public Wi-Fi when using crypto

Connecting to public Wi-Fi while out and about may seem like a great idea to get the best connection. However, this is a bad idea when working with crypto and digital collectibles. It is possible to intercept internet traffic using public Wi-Fi, allowing others to view what you are doing.

The hackers won’t be able to access your account or assets in this way, but this may draw a large amount of attention to you and what you are working on. It would be more advisable to hotspot from your phone or, even better, wait till you are home or on a secure network to complete any transactions.

Beware of unsolicited emailed files

By far the most common method hackers use to take crypto and digital collectables is by sending their targets a malicious file disguised to look like it comes from a reputable company. Many of the most sophisticated email attacks have been addressed with the receiver’s name and may even reference a company they work for. Once you download the file, malware is installed on your computer, and it may be possible to get hold of your information and wallet addresses.

Top tips to stop this:

  • Make sure the address you have received the email from is legitimate.
  • Virus-scan the file before downloading.
  • Malware-scan your computer regularly.
  • Use a hardware wallet.

Don’t store your crypto on an exchange

If your crypto is stored on an exchange – for example, Coinbase or Binance – it is open to attack from hackers.

To withdraw your crypto you need to enter your personal wallet address into the exchange and start the transaction. Once you have your crypto on your own wallet you no longer need to worry about having an exchange be hacked or enter into financial difficulties while holding your crypto.

Add a browser extension to make transactions clearer

Signing for transactions can often be a nerve-racking experience, as you are never certain what exactly you are signing for. This has all changed now due to Pocket Universe. Simply download their extension browser, and when you make a Metamask transaction it will pop up to explain exactly what will occur once you sign. Here is a video of a sample transaction.

Pocket Universe 🟣 (@PocketUniverseZ) / Twitter

Revoke unused permission to your wallet

We have seen some high profile wallet-drains recently, due to old permission rights from the Opensea NFT marketplace being exploited. A great way to ensure you are not hit by a such an event is to revoke all unnecessary permissions on your NFTs. Simply connect your wallet to Revoke.cash and choose any you wish to cancel. All you need to pay is a gas fee and the contract will be revoked, keeping your assets safe.

Revoke.cash – Revoke your Ethereum token allowances

Twitter phishing scams

Twitter phishing scams are on the rise recently, with bots being used to get an account fake follower numbers. If a link to mint an NFT is sent to you over Twitter, be sure not to rush to mint. Projects do not drop shock mints 99.9% of the time!

  • Take your time, and make sure the artist’s account is genuine.
  • Try to find the artist’s Discord to ensure the mint link is genuine.

Twitter thread resources

There are some excellent Twitter threads that deep dive into personal security and potential risks. We’ll keep adding to the list below as we find them, so make sure to visit when you can.

Final words

Hopefully these points will help you navigate the start of your journey in the crypto space. We have covered numerous ways to protect yourself against the ever-savvy tech hackers and keep your crypto and digital collectables safe.

We will keep this page up to date as new ways emerge of scammers finding access to accounts. Make sure you make safety in this space your top priority. Do not make it easy for scammers.

If you want to find out more information on blockchain, crypto, NFTs and security, we suggest the Ledger Academy. It is filled with insightful topics to broaden your understanding of this space – from beginner to expert levels, it has you covered. https://www.ledger.com/academy